Skip to main content

Infosphere Information Server

145 CVEs product

Monthly

CVE-2026-9836 HIGH PATCH This Week

Information disclosure in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 allows remote attackers to obtain sensitive information over the network without authentication (CVSS 3.1 vector AV:N/PR:N, base 7.5). The flaw exposes confidential data (C:H) while leaving integrity and availability untouched, and there is no public exploit identified at time of analysis. EPSS is low (0.15%, 5th percentile) and CISA SSVC rates exploitation as none, indicating this is a real but not urgently exploited issue.

IBM Information Disclosure Infosphere Information Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-1567 HIGH This Week

Infosphere Information Server versions up to 11.7.1.6 is affected by improper restriction of xml external entity reference (CVSS 7.1).

IBM XXE Infosphere Information Server
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-1265 MEDIUM This Month

Infosphere Information Server versions up to 11.7.1.6 is affected by insertion of sensitive information into log file (CVSS 4.3).

IBM Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12832 MEDIUM This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-12531 HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-36245 HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-36034 MEDIUM This Month

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-0966 HIGH This Week

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remote attackers to execute arbitrary SQL commands against the backend database. An attacker with valid credentials can view, add, modify, or delete sensitive information without administrative privileges. The vulnerability carries a CVSS score of 7.6 (High) and requires low attack complexity, making it a significant risk for organizations using affected versions.

IBM SQLi Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-3629 MEDIUM This Month

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3221 HIGH This Week

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by insufficient validation of incoming request resources (CWE-770: Allocation of Resources Without Limits or Throttling). A remote, unauthenticated attacker can exploit this over the network to exhaust server resources and cause service unavailability. The CVSS 7.5 score reflects high availability impact with no authentication required and low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-1499 MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Information Disclosure IBM Infosphere Information Server On Cloud Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-1138 MEDIUM Monitor

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-25046 LOW Monitor

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-25045 MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22351 MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-55895 LOW Monitor

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-7577 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-51477 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-43186 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-51459 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-40706 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-52363 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52901 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-51460 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-40705 MEDIUM This Month

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-40704 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-39751 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-40689 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37533 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-40690 MEDIUM This Month

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-28794 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-31898 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28797 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35119 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31902 HIGH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28798 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28795 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-22352 MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-46174 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43021 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42022 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42019 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-42009 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40699 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-43015 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38268 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40363 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24959 HIGH PATCH This Week

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23473 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22877 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-35898 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33857 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32336 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-28529 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22878 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30441 HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM Infosphere Information Server Websphere Application Server +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25928 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24960 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-24964 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-23475 MEDIUM PATCH This Month

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-40752 CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-40753 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40747 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-40235 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35717 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35642 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30615 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30608 HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-22442 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22425 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-41291 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-36772 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-40748 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-35715 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22373 MEDIUM PATCH This Month

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SAP Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31768 CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22443 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22441 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22427 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22322 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-38887 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38948 CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XXE Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2021-29888 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-29875 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29771 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29738 MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29737 HIGH PATCH This Week

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-29730 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29712 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29681 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 allows remote attackers to obtain sensitive information over the network without authentication (CVSS 3.1 vector AV:N/PR:N, base 7.5). The flaw exposes confidential data (C:H) while leaving integrity and availability untouched, and there is no public exploit identified at time of analysis. EPSS is low (0.15%, 5th percentile) and CISA SSVC rates exploitation as none, indicating this is a real but not urgently exploited issue.

IBM Information Disclosure Infosphere Information Server
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Infosphere Information Server versions up to 11.7.1.6 is affected by improper restriction of xml external entity reference (CVSS 7.1).

IBM XXE Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Infosphere Information Server versions up to 11.7.1.6 is affected by insertion of sensitive information into log file (CVSS 4.3).

IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

IBM SSRF Infosphere Information Server
NVD
EPSS 0% CVSS 7.1
HIGH This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE IBM Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH This Month

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 7.6
HIGH This Week

CVE-2025-0966 is a SQL injection vulnerability in IBM InfoSphere Information Server 11.7 that allows authenticated remote attackers to execute arbitrary SQL commands against the backend database. An attacker with valid credentials can view, add, modify, or delete sensitive information without administrative privileges. The vulnerability carries a CVSS score of 7.6 (High) and requires low attack complexity, making it a significant risk for organizations using affected versions.

IBM SQLi Information Disclosure +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain a denial of service vulnerability caused by insufficient validation of incoming request resources (CWE-770: Allocation of Resources Without Limits or Throttling). A remote, unauthenticated attacker can exploit this over the network to exhaust server resources and cause service unavailability. The CVSS 7.5 score reflects high availability impact with no authentication required and low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Information Disclosure IBM Infosphere Information Server On Cloud +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 2.7
LOW Monitor

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 8.4
HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Infosphere Information Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection IBM Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure IBM +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Infosphere Information Server
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection IBM Infosphere Information Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SAP Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XXE Infosphere Information Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Infosphere Information Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy